Closed Bug 183771 Opened 22 years ago Closed 22 years ago

mozilla 1.1 Solaris SPARC distribution contains over-liberal permissions (lots of world-writable files)

Categories

(SeaMonkey :: General, defect)

Other
Other
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: T.Jones, Assigned: friedman)

Details

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.1) Gecko/20020826
Build Identifier: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.1) Gecko/20020827

The download from http://ftp.mozilla.org/pub/mozilla/releases/mozilla1.1/mozilla-sparc-sun-solaris2.7-1.1.tar.gz with md5 37c80771b1363cff7b58fd4cbe568be6 is an archive with pretty much all files world-writable. So if the archive is extracted by the root user, or by another user with the p flag, most of the files in the mozilla installation are world-writable.

Reproducible: Always

Steps to Reproduce:
1. wget http://ftp.mozilla.org/pub/mozilla/releases/mozilla1.1/mozilla-sparc-sun-solaris2.7-1.1.tar.gz
2. gzcat mozilla-sparc-sun-solaris2.7-1.1.tar.gz | tar xpf -
3. ls -l mozilla

Actual Results: There are lots of world-writable files in the mozilla directory.

Expected Results: Whoever made the package should have ensured that it was packaged with sensible permissions. I don't think this archive should be published. It should either be replaced with one with sensible permissions, or removed.
Not sure who this should go to, so ->Browser-General.
Assignee: mstoltz → general
Status: UNCONFIRMED → NEW
Component: Security: General → Browser-General
Ever confirmed: true
QA Contact: bsharma → general
CCing build team; do you know where these permissions are controlled from? We should check what permissions we install files under for all platforms that support permissions.
This should go to whoever contributed the Solaris 2.7 build of Mozilla 1.1, possibly friedman@mozilla.org or paulp@wrq.com (from README).
Assignee: general → friedman
(previously paulp@wrq.com) Sorry - can't be of help here. I didn't specifically set any permissions on the files - I just built Mozilla 1.1 per the instructions on the Mozilla build webpage, and packaged it up. If any permissions were incorrectly set, then that was done by the build scripts and/or build system. Removing my name from the cc: list.
This tarball was not produced by Netscape, but was contributed by a third party--namely, me. This is not an installer; it's just a tar file of executables created by the build process, provided for those without the tools necessary to build from source on their own systems and as a reference for posterity. Some manual effort is required to install the files system-wide (see the included README); consider chown/chmod to be one of the steps required. I will try to remember to mention that in the README if I create new tarballs in the future and/or fix permissions before creating the tar file. But the tarball is not, and was not intended to be, a production installed package by itself; for that, you would probably use something that could be installed via pkgadd. The binaries in this tarball could be used as the basis for such a package, but I don't think file security or package management are relevant for this particular distribution.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → WONTFIX
Product: Browser → Seamonkey
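
Added example (not part of the bug thread and not Mozilla's build or packaging code): a Python check that reads the modes stored in a tarball without extracting it and lists world-writable entries, plus the packager-side fix of rewriting the archive with group/other write removed. The sample archive, its file names and its modes are constructed for illustration.

```python
import io
import stat
import tarfile

def build_sample_archive() -> bytes:
    """Constructed sample archive; names and modes are illustrative only."""
    entries = [
        ("mozilla", 0o777, tarfile.DIRTYPE, b""),
        ("mozilla/mozilla-bin", 0o777, tarfile.REGTYPE, b"\x7fELF"),
        ("mozilla/README", 0o666, tarfile.REGTYPE, b"readme\n"),
        ("mozilla/run-mozilla.sh", 0o755, tarfile.REGTYPE, b"#!/bin/sh\n"),
    ]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, mode, kind, data in entries:
            info = tarfile.TarInfo(name)
            info.mode, info.type, info.size = mode, kind, len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def world_writable_members(archive: bytes) -> list:
    """Return (name, mode) for entries whose stored mode has the other-write bit.

    These are the modes that land on disk when the archive is unpacked by
    root or with tar's p flag, since the umask is then not applied.
    """
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tar:
        return [(m.name, m.mode) for m in tar
                if not m.issym() and m.mode & stat.S_IWOTH]

def repack_without_group_other_write(archive: bytes) -> bytes:
    """Rewrite the archive with g-w,o-w applied to every entry."""
    out = io.BytesIO()
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as src, \
         tarfile.open(fileobj=out, mode="w:gz") as dst:
        for m in src:
            data = src.extractfile(m) if m.isreg() else None
            m.mode &= ~(stat.S_IWGRP | stat.S_IWOTH)
            dst.addfile(m, data)
    return out.getvalue()

if __name__ == "__main__":
    sample = build_sample_archive()
    for name, mode in world_writable_members(sample):
        print(f"world-writable in archive: {oct(mode)} {name}")
    fixed = repack_without_group_other_write(sample)
    print("world-writable after repack:", world_writable_members(fixed))
```
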